Information Security Guidelines

Written by OSAblog on Sunday, May 17th, 2009

Information Security Policy Guidelines in your organization

By Ki Grinsing

In 1858, a telegram of 98 words from Queen Victoria to President James Buchanan of the United States opened a new era in global communication. The queen’s message of congratulation took 16½ hours to transmit through the new transatlantic telegraph cable. The president then sent a reply of 143 words back to the queen. Normally, without the cable, a dispatch in one direction would have taken perhaps 12 days by the speediest combination of inland telegraph and fast steamer.

Today, a message from the UK to the US arrives as fast as you can click the “send” button if you send it by E-mail. Today, organizations depend on the reliability of their information systems.

Information is an asset which, like other important business assets, has value to the organization and consequently needs to be suitably protected through the management of information security. Information security protects information from a wide range of threats in order to ensure business continuity and minimize business damage. Information security is achieved by implementing a suitable set of controls in the form of policies, procedures, organizational structures, systems and functions to ensure that the security objectives of the organization are met.

Information Security deals with a number of important concepts. Information security is concerned with protecting all information, together with the systems, processes and procedures relating to the management and use of that information. Information may be in hard copy or soft copy stored on various types of information media such as diskettes, compact discs or computer networks.

  1. Information has varying degrees of sensitivity and criticality. A great deal of information may need no security, or only a very low level. However, other information may be commercially sensitive and will require higher levels of security. Information assets must be classified and managed according to their security requirements, to ensure that security controls are commensurate with the security risks.
  2. There is increasing dependence on information systems and on the exchange of information between Business Units and with business partners. This brings with it increasing exposure to security threats.

Information security should be applied to all corporate operations. Business Units are responsible for ensuring that their information assets are appropriately protected. All users are responsible for the security of the information they use, and management must ensure that information security controls are properly implemented. An information security policy does not by itself ensure security. However, it does provide a framework and reference point for management to implement appropriate information security controls, and is a means of raising awareness of users’ responsibilities relating to information security.

The potential consequences of an Information Security breach include:

  1. Loss of life and injury
  2. Loss of shareholder confidence
  3. Interruption of business processes
  4. Financial loss
  5. Loss of client confidence
  6. Criminal charges
  7. Brand and reputation damage
  8. Litigation

General statement of information security policy

Information and its supporting processes, systems, and networks should be available to employees (and authorized third parties) to enable them to optimize their performance. Information must be subject to an appropriate level of control to protect it from loss, unauthorized manipulation or disclosure.

Objectives of information security standard policy:

  1. Availability: To ensure that authorized users have access to information and its supporting processes, systems and networks when required.
  2. Integrity: To safeguard the accuracy and completeness of information and associated processing methods.
  3. Confidentiality: To ensure that information is accessible to only those authorized to have access.

Purpose of information security policy

Information security policy provides a framework for management to implement and maintain a level of information security that is commensurate with information security risks. Its purpose is to ensure that:

  1. Trust is maintained between Business Units and the trading partners with whom public and private networks are shared.
  2. Information is secure and is protected in a manner that is commensurate with its level of sensitivity and security risk.
  3. Regulatory obligations are complied with, for example privacy legislation.

The following areas are those that need security guidelines under an information security standard:

Careless talk

Careless Talk means:

  • Talking about business, the office, people from work, etc., where you can be overheard.
  • Discussing business with people who are not authorized to know.

Careless talk also means providing sensitive information inadvertently to someone who wants it for a specific purpose such as breaking into the corporate premises or computer systems. This is called Social Engineering.

Before you talk to someone about your work and the corporate business you should ask yourself the following question:

Does this person have a defined ‘Need to Know’?

If they don’t have a Need to Know, then you should not talk to them about information they should not hear.

Email security guideline

Email is regarded as a critical component of the corporate communications system and is provided as a business tool. The security, confidentiality and integrity of Email cannot be guaranteed and certainly cannot be considered private. Due to this, you should act professionally and appropriately at all times.

If you need to send information that is sensitive or confidential and you cannot guarantee the email security, consider another method of sending this information, unless you have approved encryption.

Instant messaging guideline

Instant Messaging (IM) is a communication tool that provides for two-way communication in real-time. For the two-way communication to occur each person must use the same IM product such as ICQ, Yahoo Messenger or MSN Messenger (called Windows Messenger in Windows XP).

The security and integrity of information sent via Instant Messaging cannot be guaranteed, so do not discuss sensitive business or private and personal details using Instant Messaging.

Internet policy guideline

Internet access is a privilege and you are expected to act professionally and appropriately while using the Internet. What you do on the Internet can be monitored internally or externally, and your actions can be traced back to the computer you are using.

Internet access is a business tool, which is why an internet security policy should be developed as a guideline to support the business. Why is such a policy needed?

  • Information and activities can be monitored and manipulated.
  • Security of transmissions is not guaranteed.
  • Information can be easily and uncontrollably distributed.
  • Files downloaded from the Internet may contain viruses and other malicious programs.

Laptop security guideline

Laptops are very valuable organizational assets because they contain many work files that are important to the organization and may contain sensitive business information, which must be protected at all times.

Office security guideline

The corporate business premises and office areas have a variety of physical security controls in place; however, staff should be vigilant at all times. Security guidelines should be developed to manage the following.

  • Strangers in the workplace
  • Classified information / assets
  • Clear desk
  • Screen-saver or screen-lock
  • Secure faxing
  • Secure photocopying
  • Virus scanning

Password security guideline

Your User ID, password and/or token provide you with access to information on the corporate computer systems that only you should have access to, based on the Need to Know Principle. The first guideline in password security is selecting a good password. A good password is something that cannot be easily guessed:

  • A mixture of upper- and lower-case letters, numbers and symbols
  • At least 8 characters
  • Should not be written down at any time
  • Should not be shared with anyone else.

Knowing which kinds of passwords are easy to guess is also useful in password security guidelines. An easy-to-guess password is a word you have chosen that is related to something commonly known about you, or that could be easily ascertained.
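The password rules above (at least 8 characters, a mix of character classes, nothing easily guessed from what is known about the user) can be enforced at the point where a password is chosen. The following Python checker is an added example, not code from the article or its author: the list of commonly used passwords and the user facts are constructed for illustration, and the digit-for-letter normalisation is an assumption about how people disguise obvious words.

```python
import re
import string

# Constructed, illustrative list of frequently chosen passwords (assumption; a real
# deployment would use a maintained breach-derived list).
COMMON_PASSWORDS = {
    "password", "password1", "123456", "12345678", "qwerty",
    "letmein", "welcome", "admin",
}

MIN_LENGTH = 8  # the article's minimum length
REQUIRED_CLASSES = {"lower", "upper", "digit", "symbol"}


def character_classes(password: str) -> set[str]:
    """Return which of the four character classes the password uses."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("symbol")
    return classes


def _normalize(text: str) -> str:
    """Lower-case, undo common digit/symbol-for-letter substitutions, keep [a-z0-9].

    This makes 'P4ssw0rd' compare equal to 'password' (assumed substitution table).
    """
    text = text.lower().translate(str.maketrans("0134@$", "oleaas"))
    return re.sub(r"[^a-z0-9]", "", text)


def check_password(password: str, known_about_user: tuple[str, ...] = ()) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes.

    known_about_user: facts an outsider could easily learn (user name, surname, etc.).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = REQUIRED_CLASSES - character_classes(password)
    if missing:
        problems.append("missing character classes: " + ", ".join(sorted(missing)))
    norm = _normalize(password)
    if norm in {_normalize(p) for p in COMMON_PASSWORDS}:
        problems.append("matches a commonly used password")
    for fact in known_about_user:
        fact_norm = _normalize(fact)
        # Only flag facts long enough to be meaningful (avoid matching 2-letter initials).
        if len(fact_norm) >= 3 and fact_norm in norm:
            problems.append(f"contains something known about the user ({fact!r})")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate, facts in [
        ("Tr0ub4dor&3x!", ()),
        ("password", ("alice",)),
        ("Alice2009!", ("alice", "Smith")),
    ]:
        verdict = check_password(candidate, facts) or ["ok"]
        print(f"{candidate!r}: {'; '.join(verdict)}")
```

The checker reports every violated rule rather than stopping at the first one, so a user (or a help desk) sees the whole reason a choice was rejected. The `known_about_user` facts are the practical form of the article's point: a password that embeds the user's own name passes the character-class test yet is still easy to guess.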

Secure media handling

Why Should You Destroy Media Securely? Media contains your organization’s information. Unauthorized people should not have access to your organization’s information at any time. When you throw something in the rubbish or waste paper bin, you do not know where it can end up once it leaves your office.

Spam security

Most of you receive physical junk mail (adverts, brochures etc.) in your mailbox at home. Spam is the electronic equivalent; however, there are some differences between the hardcopy version of junk mail and the email version.

It would be extremely rare for you to receive pornography and other offensive hardcopy advertisements at home unsolicited; however, Spam received via email often contains this type of material. Therefore, an anti-spam security policy is needed within an organization.

Virus security

If you think you’re totally safe from virus infection because of the antivirus scanning programs installed on the corporate IT systems – think again. Hundreds or maybe thousands of new viruses and worms are introduced into the ‘wild’ every week.

Therefore you must update systems promptly with the latest updates and critical security patches. For an organization, deploying an automatic patch update system such as WSUS (Windows Server Update Services) is very important.

Ki Grinsing is the blogmaster of www.computer-network.net and www.wireless-router-net.com

Article Source:http://www.articlesbase.com/security-articles/information-security-guidelines-920724.html
